Dnsmasq Security Update

Summary

Cradlepoint was notified of critical security vulnerabilities discovered in the dnsmasq network service (CVE-2017-14491 and others); in response Cradlepoint has taken steps to incorporate the dnsmasq version 2.78 into its latest NetCloud OS.

If exploited, this vulnerability could allow attackers to remotely execute code, forward the contents of process memory, or disrupt service on an affected router. As described in various sources, this flaw is difficult to trigger, requiring an attacker who controls a specific domain to send DNS requests to dnsmasq requiring it to cache replies from that domain. Through carefully constructing DNS requests and responses, dnsmasq could cause an internal buffer overflow using content influenced by the attacker.

Contact Us

Company Information:

USAT Corp. is a stocking distributor of top-tier cellular modems, cellular gateways, cellular routers, and ruggedized managed and unmanaged switches designed for critical infrastructure applications. USAT designs and fabricates antenna assemblies that maximize the performance of this type equipment on the cellular network.